If cb->get_string returns 0 with no result in otp_edata, make sure we
set retval to avoid sending an empty OTP hint. If cb->get_string
returns an error code in otp_verify, avoid masking that code.
Document that k5_json_object_set can be used to overwrite an existing
key, and make it possible to remove a key by setting it to NULL.
Add kadmin support for "addprinc -nokey", which creates a principal
with no keys, and "purgekeys -all", which deletes all keys from a
principal. The KDC was modified by #7630 to support principals
without keys.
ticket: 7679 (new)
When we allocate space for an array of key_data structures, make sure
we allocate at least one, so we don't spuriously fail on platforms
where malloc(0) returns NULL. Where we use malloc, use k5calloc
instead. Where we use krb5_db_alloc or realloc, just allocate an
extra entry.
When retrieving the list of a certificate's subjectAltName values, we
weren't freeing some of the temporary memory we used.
When walking the cache, if we skip a cred because it's a config entry,
make sure to free it. Also free the result of krb5_cc_get_principal.
Based on a patch from Nalin Dahyabhai.
The stacks of certificates and CRLs that we retrieve from CMS objects
include newly-owned references to the certificates and CRLs, so when we
go to free them, we need to remember to free those.
[ghudson@mit.edu: minor formatting change; removed unrelated style fix]
We've never used sigwait() before, and it has some problems on Solaris
10 (a nonconformant prototype by default, and experimentally it didn't
seem to work correctly with _POSIX_PTHREAD_SEMANTICS defined). Use a
pipe instead. Make t_daemon.py less chatty on stdout to avoid filling
the pipe buffer.
Use unsigned char for test encodings, since the initializers use
values greater than 127.
Wherever we use k5alloc with a multiplication in the size parameter,
use the new k5calloc helper function instead.
Letting calloc() do multiplication helps avoid overflow bugs, so
provide an internal k5calloc() helper which accepts both calloc
arguments, and reimplement k5alloc() in terms of it.
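
The wraparound that the two k5calloc commit messages above guard against, together with the zero-length case from the key_data allocation message, as an added example that is not code from the krb5 tree. `checked_calloc`, `naive_size`, `struct entry` and the element count are hypothetical names and constructed values.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct entry { char data[16]; };          /* constructed 16-byte element */

/* Size a naive malloc(nmemb * size) would request; the product is
 * computed modulo SIZE_MAX + 1, so it can silently wrap. */
static size_t naive_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Hypothetical helper: takes both calloc arguments, refuses a product
 * that would wrap, and never requests zero bytes, because a zero-byte
 * allocation may return NULL on some platforms. */
static void *checked_calloc(size_t nmemb, size_t size, int *code)
{
    void *ptr;

    if (nmemb == 0)
        nmemb = 1;
    if (size == 0)
        size = 1;
    if (nmemb > SIZE_MAX / size) {        /* product would not fit */
        *code = ENOMEM;
        return NULL;
    }
    ptr = calloc(nmemb, size);
    *code = (ptr == NULL) ? ENOMEM : 0;
    return ptr;
}

int main(void)
{
    size_t count = SIZE_MAX / sizeof(struct entry) + 1;  /* constructed */
    int code;
    void *p;

    printf("naive request: %zu bytes\n",
           naive_size(count, sizeof(struct entry)));
    p = checked_calloc(count, sizeof(struct entry), &code);
    printf("oversized count: %s\n", p == NULL ? "refused" : "allocated");
    free(p);
    p = checked_calloc(0, sizeof(struct entry), &code);
    printf("zero entries: %s\n", p != NULL ? "non-NULL" : "NULL");
    free(p);
    return 0;
}
```

With the constructed count, the naive product wraps to 0, so `malloc` would succeed with a buffer far smaller than the caller believes it has; the two-argument form fails cleanly instead.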
Reorder (and trim) the imports in t_otp.py so that k5test is pulled in
before we try to import pyrad and multiprocessing. Otherwise
success() isn't defined in the case where we decide to skip the entire
test script.
This plugin implements the proposal for providing OTP support by
proxying requests to RADIUS. Details can be found inside the
provided documentation as well as on the project page.
http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS
ticket: 7678
The new library libkrad provides code for the parsing of RADIUS packets
as well as a client implementation based around libverto. This library
should be considered unstable.
ticket: 7678 (new)
ticket: 7670 (new)
tags: pullup
target_version: 1.11.4
An authenticated remote client can cause a KDC to crash by making a
valid TGS-REQ to a KDC serving a realm with a single-component name.
The process_tgs_req() function dereferences a null pointer because an
unusual failure condition causes a helper function to return success.

While attempting to provide cross-realm referrals for host-based
service principals, the find_referral_tgs() function could return a
TGS principal for a zero-length realm name (indicating that the
hostname in the service principal has no known realm associated with
it).

Subsequently, the find_alternate_tgs() function would attempt to
construct a path to this empty-string realm, and return success along
with a null pointer in its output parameter. This happens because
krb5_walk_realm_tree() returns a list of length one when it attempts
to construct a transit path between a single-component realm and the
empty-string realm. This list causes a loop in find_alternate_tgs()
to iterate over zero elements, resulting in the unexpected output of a
null pointer, which process_tgs_req() proceeds to dereference because
there is no error condition.

Add an error condition to find_referral_tgs() when
krb5_get_host_realm() returns an empty realm name. Also add an error
condition to find_alternate_tgs() to handle the length-one output from
krb5_walk_realm_tree().

The vulnerable configuration is not likely to arise in practice.
(Realm names that have a single component are likely to be test
realms.) Releases prior to krb5-1.11 are not vulnerable.

Thanks to Sol Jerome for reporting this problem.

CVSSv2: AV:N/AC:M/Au:S/C:N/I:N/A:P/E:H/RL:O/RC:C

ticket: 7668 (new)
tags: pullup
target_version: 1.11.4
The localauth pluggable interface was added on master in February, but
we neglected to install its header file.
The ccselect pluggable interface was added in release 1.10, but we
neglected to install its header file.
ticket: 7671 (new)
target_version: 1.11.4
tags: pullup
The Windows SDK 8 dropped the command-line build environment, so
provide instructions for building with the Visual Studio (2012)
command-line build environment.
ticket: 7669 (new)
queue: kfw
tags: pullup
target_version: 1.11.4
As advised by the VC 11 merge modules.
Windows Installer 4.5 requires Windows Server 2008, Windows Vista, Windows XP
with Service Pack 2 (SP2) and later, or Windows Server 2003 with Service
Pack 1 (SP1) and later. I believe we already enforce these restrictions
manually elsewhere, so this should not restrict our set of valid target
machines.
ticket: 7667 (new)
queue: kfw
tags: pullup
target_version: 1.11.4
The merge modules need to reference VC110 paths.
Use a variable for VC100 versus VC110 so that we don't copy a lot
of boilerplate around.
ticket: 7666 (new)
queue: kfw
tags: pullup
target_version: 1.11.4
The previous few commits introduced a couple of bugs where variables
could be used without being initialized. Fix them.
Create a test module for the pwqual interface, and script to exercise
the built-in and test modules through kadmin.local. Also create a
test harness to display the order of pwqual modules for the current
configuration, and use it to test the plugin module ordering
guarantees.
ticket: 7665
Register built-in localauth modules in the order we want them used by
default, and document accordingly.
ticket: 7665
Rewrite the plugin internals so that modules have a well-defined
order--either the order of enable_only tags, or dynamic modules
followed by the built-in modules in order of registration.
ticket: 7665 (new)
In the k5_sendto code for reading from a TCP socket, detect
end-of-stream when reading the length. Otherwise we can get stuck in
an infinite loop of poll() and read().
[ghudson@mit.edu: commit message]
ticket: 7508
target_version: 1.11.4
tags: pullup
It's more aggressive about enforcing that keywords are not macros
in C++ mode, and has bumped the MFC version to 11.
Keep compatibility with older versions of Visual Studio, appropriately
conditionalized.
ticket: 7664 (new)
tags: pullup
target_version: 1.11.4
ticket: 7440
tags: pullup
target_version: 1.11.4
When we are testing maximum renewable lifetimes, the KDC might process
the request at a later time than the request time (typically by no
more than one second). So we need to ask for a ticket lifetime longer
than the maximum renewable lifetime, not equal to it, or we risk
getting a just-barely-renewable ticket instead of a non-renewable one.
Also fix a couple of typos in comments.
Print "Server started" after calling listen(), or there will be a race
where the client tries to connect before there is a listen queue and
gets ECONNREFUSED.
Create a new helper to compute the renewable lifetime for AS and TGS
requests. This has some minor behavior differences:
* We only issue a renewable ticket if the renewable lifetime is greater
than the normal ticket lifetime.
* We give RENEWABLE precedence over RENEWABLE-OK in determining the
requested renewable lifetime, instead of sometimes doing the
reverse.
* We use the client's maximum renewable life for TGS requests if we
have looked up its DB entry.
* Instead of rejecting requests for renewable tickets (if the client
or server principal doesn't allow it, or a TGS request's TGT isn't
renewable), issue non-renewable tickets.
ticket: 7661 (new)
Calculate request timestamps each time we encode a request, and use
the adjusted current time when calculating them, including adjustments
resulting from preauth-required errors early in the AS exchange.
As a side effect, this reverts one of the changes in commit
37b0e55e21926c7875b7176e24e13005920915a6 (#7063); we will once again
use the time adjustment from any ccache we read before the AS
exchange, if we don't have a more specific adjustment from a
preauth-required error.
Based on a patch from Stef Walter.
ticket: 7657 (new)
Create helper functions to set the request nonce and to set the
request timestamp. Don't bother picking a nonce in
restart_init_creds_loop since we will just pick a new one in
init_creds_step_request. Create a library-internal function to get
the current time with possible adjustment from a preauth-required
error. Only set ctx->request_time in one place (just before encoding
each request). Remove unused parameters from stash_as_reply.
Partially based on a patch from Stef Walter.
Commit 37b0e55e21926c7875b7176e24e13005920915a6 (#7063) prevented
clock skew caused by preauth delay by recording the time of the
initial request. However, it failed to take into account delay
between requests due to prompting during preauthentication. Fix this
by recording the request time for each request.
ticket: 7656 (new)
Check return values of read() and write(). Avoid some unsigned
comparisons. Cast a ptrdiff_t value to int for use with %d in a
format string.
[ghudson@mit.edu: rewrap long lines; fix one more warning; commit
message]
In a static build, linking dbtest could fail on platforms where libdb2
depends on krb5support (platforms without a native mkstemp). Reported
by Gilles Espinasse <g.esp@free.fr>.
ticket: 7651
If we make multiple requests in an initial creds exchange, the
krb5_sendto_kdc call in k5_init_creds_get may flip the use_master
value from 0 to 1 if it detects that the response was from a master
KDC. Don't turn this into a requirement for future requests during
the same exchange, or we may have trouble following AS referrals.
Reported by Sumit Bose.
ticket: 7650
AC_MSG_RESULT is to print result after AC_MSG_CHECKING.
AC_MSG_NOTICE is to deliver message to user.
So use AC_MSG_NOTICE for --with options.
Remove overquoting too.
ticket: 7648
Commit 4b0985f8573840838bcfa8ec1df3dcd39a3dbf15 went a bit too far in
pruning the placeholder makefiles for the openssl and nss crypto
modules. We need enough boilerplate to create OBJS.SH in each
directory.
In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password. This allows empty passwords to work via
the API.
Remove the kadm5 test which explicitly uses an empty password.
Based on a patch from Stef Walter.
ticket: 7642
The internal UTF-8 to UCS-2 conversion functions did not properly
respect their length arguments, instead assuming that the input string
is terminated with a zero byte. As a result,
krb5int_arcfour_string_to_key could fail on unterminated inputs. Fix
the underlying support functions to read their inputs only up to the
specified length.
ticket: 7643 (new)
Our portability assumptions now allow the use of variadic macros, so
don't warn or error on them.
If yasm and cpuid.h are present on a Linux i686 or x64 system, compile
the modified Intel AES-NI assembly sources. In the builtin AES enc
provider, check at runtime whether the CPU supports AES-NI
instructions and use the assembly functions if so.
Remove functions we don't need. Add macros to redefine functions with
an appropriate namespace prefix.
Add assembly files from the Intel AESNI Sample Library, version 1.2,
which implement AES encryption using AES-NI instructions. Trailing
whitespace was removed.
|
In preparation for AES-NI support, adjust the block encryption helpers
in the AES enc provider so that the cache is only touched by helpers,
and reframe the CTS operations in terms of CBC operations. Change the
Camellia enc provider as well for consistency.
Expand the concept of an IOV block state into a cursor which remembers
the IOV set being iterated over, the block size, and both input and
output positions. Eliminate the no-copy inline block getter for now,
but provide helpers to grab contiguous chains of blocks from a cursor.
Also provide an inline helper to sum the total length of an iov chain.